AWSBucketDump – Tool to Search Data in S3 Buckets

AWSBucketDump is a tool to quickly enumerate AWS S3 buckets to look for loot. It’s similar to a subdomain bruteforcer but is made specifically for S3 buckets and also has some extra features that allow you to grep for delicious files as well as download interesting files if you’re not afraid to quickly fill up your hard drive.

AWSBucketDump – Security Tool to Look For Interesting Files in S3 Buckets

You can build your keywords and target a specific hostlist that you want to test. The result about each target will be displayed on the console and you will find not accessible result or the path for the file exposed.

Generally a public access to any resource should be reviewed and verified as this may expose some valuable information. Storing files and data in AWS S3 will help in accelerating tasks and reduce expenses but it will be highly recommended to consider and apply all security requirements.

You can read more and download the testing scripts over here: https://github.com/jordanpotti/AWSBucketDump

Share